Progressive enhancement using WSGI
Post on 10-Dec-2014
Matthew Wilkes
Progressive enhancement using WSGI
/ˈwɪski/ A Python API for web applications
Matthew Wilkes
• Zope / Plone core developer.
• Performance and Security work at the Code Distillery
• WSGI/Whisky snob.
• Developed large applications using WSGI.
• Co-author of Zope’s WSGI support.
WSGI apps
Just an API for handling HTTP requests. Used by:
• Pyramid
• Zope
• CherryPy
• Web2Py
• … most people
Composites
Composites join multiple WSGI apps together
• Subsite URL Routing
• Management screens
Middlewares
Middlewares are used for changing a webapp’s input/output
• Theming/Design
• Error handling
• Adding features
• URL rewriting
• Embargos of information
Mistakes…
Python specific
• “Middlewares are easier to write than normal libraries”
• Cannot assume that you won’t want to use it on a PHP app in future
• Proxies allow heterogeneous applications to be composed
• Being language agnostic doesn’t mean you will have to write Perl code (it helps you avoid it)
A waste of time
• Simple modifications work best as middlewares
• But, simple modifications are easy in your framework
• “I should just fix it in place”
• “This wouldn’t be useful to other people, so I’ll leave it in the customer project”
• You’ll likely make another website sometime soon
The Good bits
Great libraries
• WebOb makes requests easy to deal with.
• The wsgiref WSGI web server is in the Standard Library
• Lots of other server frontends to select for production
• Paste’s Transparent Proxy lets you test the middleware on any website
• lxml makes managing HTML easy
• PasteDeploy provides .ini app composition
Templates
• http://pypi.python.org/pypi/wsgitemplates
• http://pythonpaste.org/deploy/#the-config-file
• http://docs.webob.org/en/latest/wiki-example.html
But… you said progressive enhancement
CAPTCHAs
• Many ways to do them in Plone
• Archetypes, formlib, z3c.form, custom view, plone.app.discussion, PloneFormGen, …
• Some code reuse
• Not enough
• So, middleware?
CAPTCHAs
• If we’re building a new application we have the most flexibility.
• We want a boolean, isHuman.
• Simplest CAPTCHA possible is a checkbox. (Hey! No lying, Spambots!)
• So, add that with your favourite form library.
CAPTCHAs
• Not a very effective CAPTCHA.
• But, many historical CAPTCHAs are now unusable…
• As the enemy is getting better, too.
• Need to decouple the logic of ‘test for human’ and the method.
• Use a WSGI Middleware to rewrite the form.
The code
• The middleware extracts the checkboxes from the application as requests are served.
• CAPTCHAs are generated and the image inserted.
• The valid responses are stored in memory.
• Inbound requests check the input and emulate selecting the checkbox.
CAPTCHAs
• A small Python class will now work on any web-app backend.
• If you happen to have another application that also outputs the checkboxes, this will slot right in front
• But… you don’t really want to be adding checkboxes to the legacy apps.
• So, middleware?
The code
• The middleware detects <form>s as requests are served.
• The checkbox is inserted
• Inbound requests check if the checkbox is selected
• If not, redirect back with form data in GET
• Otherwise, remove the checkbox value and POST on.
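The five steps above, as an added example using only the standard library; this is not the islay.simplecaptcha code or anything else from the talk. The field name `is_human`, the checkbox markup and the class name are assumptions, and it assumes urlencoded form posts and a wrapped app that returns its body as an iterable.

```python
import re
from io import BytesIO
from urllib.parse import parse_qsl, urlencode

FIELD = "is_human"  # hypothetical field name, not taken from the talk
CHECKBOX = (b'<label><input type="checkbox" name="is_human" value="1">'
            b" I am human</label>")

class CheckboxCaptcha:
    """Wraps any WSGI app: adds the checkbox to forms, enforces it on POST."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if environ["REQUEST_METHOD"] == "POST":
            size = int(environ.get("CONTENT_LENGTH") or 0)
            raw = environ["wsgi.input"].read(size).decode("latin-1")
            fields = parse_qsl(raw, keep_blank_values=True)
            rest = [(k, v) for k, v in fields if k != FIELD]
            if (FIELD, "1") not in fields:
                # Not ticked: send the user back with their input in the
                # query string. Collapsing leading slashes keeps the redirect
                # on this host ("//host" would be protocol-relative).
                path = environ.get("SCRIPT_NAME", "") + environ.get("PATH_INFO", "")
                target = "/" + path.lstrip("/") + "?" + urlencode(rest)
                start_response("303 See Other",
                               [("Location", target), ("Content-Length", "0")])
                return [b""]
            # Ticked: strip the field so the backend never sees it.
            body = urlencode(rest).encode("ascii")
            environ["wsgi.input"] = BytesIO(body)
            environ["CONTENT_LENGTH"] = str(len(body))
        return self._rewrite(environ, start_response)

    def _rewrite(self, environ, start_response):
        seen = {}
        def capture(status, headers, exc_info=None):
            seen["status"], seen["headers"] = status, headers
        body = b"".join(self.app(environ, capture))
        headers = seen["headers"]
        if any(k.lower() == "content-type" and v.startswith("text/html")
               for k, v in headers):
            # Insert the checkbox just before every closing form tag.
            body = re.sub(rb"(?i)</form>", CHECKBOX + b"</form>", body)
        headers = [(k, v) for k, v in headers if k.lower() != "content-length"]
        start_response(seen["status"], headers + [("Content-Length", str(len(body)))])
        return [body]
```

Because a failed check puts the submitted values into the redirect URL, they end up in access logs and browser history, so this sketch should not sit in front of forms that carry passwords or other secrets.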
Overkill?
Maybe.
• Performance damage is very low.
• Decide on what will save you the most development time in the long term.
• Need more initial effort for the middleware
• But all your deployments that use it can do so without the ‘upgrade the customer site to the latest trunk’ tax that stops you right now.
• And it can be open sourced, so others will help you add features.
Links
https://github.com/MatthewWilkes/islay.simplecaptcha
https://github.com/MatthewWilkes/islay.hardercaptcha
The Code Distillery, Bristol
Questions?
Or contact us on: alan@thedistillery.eu, matt@thedistillery.eu